[c-nsp] 'privilege level' syntax
dpeng at cisco.com
Fri Sep 23 12:51:43 EDT 2005
Peter Hicks [peter.hicks at poggs.co.uk] wrote:
> I'm attempting to give a couple of our site staff access to configure VLAN
> assignments on some switches.
> Using RADIUS, they are assigned privilege level 10 and the following has
> been used to move commands down to level 10:
> privilege interface level 10 switchport
> privilege interface level 10 switchport access
> privilege interface level 10 switchport access vlan
> privilege interface level 10 shutdown
> privilege interface level 10 no shutdown
> privilege interface level 10 description
> privilege configure level 10 interface
> privilege exec level 10 configure terminal
> privilege exec level 10 write memory
> privilege exec level 10 show running-config
> All the servers are on GigabitEthernet3/x, and I'd like to limit access
> further to only ports starting GigabitEthernet3/x (i.e. not anything on
> blade 2, and none of the VLAN interfaces).
The privilege command does not allow such fine granularity, so it
would not be possible to implement such a policy.
> TACACS+ would do this easily, but we're already using RADIUS, so that's a
> Anyone able to help?
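The limitation described in the reply, as an added example that is not from either poster: a simplified Python model of a keyword-only privilege check beside an argument-aware per-command check of the kind the original poster attributes to TACACS+. The rule tables, function names and sample commands are assumptions made for illustration, and commands are assumed to arrive unabbreviated.

```python
import re

# Model of the privilege lines quoted above: (mode, leading keywords) -> level.
PRIVILEGE_TABLE = {
    ("configure", ("interface",)): 10,
    ("interface", ("switchport", "access", "vlan")): 10,
    ("interface", ("shutdown",)): 10,
    ("interface", ("description",)): 10,
}

def privilege_allows(user_level, mode, command):
    """Keyword-prefix check: arguments after the keywords are never inspected."""
    words = tuple(command.split())
    for (entry_mode, prefix), level in PRIVILEGE_TABLE.items():
        if entry_mode == mode and words[:len(prefix)] == prefix:
            return user_level >= level
    return user_level >= 15  # assumption: unlisted config commands stay at 15

# Hypothetical argument-aware rules: command -> ordered (action, regex on args).
ARG_RULES = {
    "interface": [("permit", r"GigabitEthernet3/\d+"), ("deny", r".*")],
    "switchport": [("permit", r"access vlan \d+")],
    "shutdown": [("permit", r"")],
    "description": [("permit", r".*")],
}

def argument_aware_allows(command):
    """First matching rule wins; anything unmatched is denied."""
    name, _, args = command.partition(" ")
    for action, pattern in ARG_RULES.get(name, []):
        if re.fullmatch(pattern, args.strip()):
            return action == "permit"
    return False

def compare(commands, user_level=10):
    """Return (command, privilege verdict, argument-aware verdict) per command."""
    return [(c, privilege_allows(user_level, "configure", c), argument_aware_allows(c))
            for c in commands]

# Constructed sample input, not taken from a real device.
SAMPLE = ["interface GigabitEthernet3/4", "interface GigabitEthernet2/1", "interface Vlan10"]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

In this model the level-10 user reaches every interface under the privilege check, while the argument-aware check admits only the GigabitEthernet3/x ports.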